
List:       kde-commits
Subject:    Re: kdegraphics/kpdf/kpdf [POSSIBLY UNSAFE]
From:       Albert Astals Cid <tsdgeos () terra ! es>
Date:       2004-09-14 17:22:04
Message-ID: 200409141922.04959.tsdgeos () terra ! es

On Tuesday 14 September 2004 11:27, you wrote:
> On Tuesday 14 September 2004 00:20, Albert Astals Cid wrote:
> >   M +240 -70   kpdf_part.cpp   1.78 [POSSIBLY UNSAFE: system]
>
> hmm, no quoting at all done for the parameters? 
What is quoting?

> Aren't those supplied by the .pdf itself?
Of course the PDF supplies the program and the parameters it wants to run. I get
them, and if the user agrees on executing the program with the given
parameters, it is executed using system (I could use something else, but the
code is copied from xpdf).

> it's rather dangerous to do that.

If I am asking the user

Do you want to execute the command:\n%1

I don't find it dangerous at all.

Albert

>
> Dirk
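
Added example, not part of the original message and not kpdf or xpdf code: what "quoting" means for a command line handed to `system()`, shown as the unquoted concatenation beside a POSIX single-quoted form. The function names and the sample program and parameter strings are constructed for illustration, and the program and parameters are assumed to arrive as two separate strings.

```cpp
#include <cstdio>
#include <iostream>
#include <string>

// Quote one value for a POSIX shell: wrap it in single quotes and
// rewrite each embedded ' as '\'' (close quote, escaped quote, reopen).
std::string shellQuote(const std::string &value) {
    std::string out = "'";
    for (char c : value) {
        if (c == '\'') out += "'\\''";
        else out += c;
    }
    out += "'";
    return out;
}

// Command line with no quoting: program and parameters joined as-is,
// so the shell interprets any metacharacters in either string.
std::string unquotedCommand(const std::string &program, const std::string &params) {
    return program + " " + params;
}

// Same command with each part quoted, so the shell sees exactly two words.
std::string quotedCommand(const std::string &program, const std::string &params) {
    return shellQuote(program) + " " + shellQuote(params);
}

// Run a command line through the shell (as system() does) and return its output.
std::string runThroughShell(const std::string &commandLine) {
    std::string output;
    FILE *pipe = popen(commandLine.c_str(), "r");
    if (!pipe) return output;
    char buffer[256];
    while (fgets(buffer, sizeof buffer, pipe)) output += buffer;
    pclose(pipe);
    return output;
}

int main() {
    // Constructed sample values standing in for document-supplied strings.
    const std::string program = "echo";
    const std::string params = "report.txt; echo SECOND-COMMAND";
    // Unquoted: the shell runs two commands. Quoted: one command, one argument.
    std::cout << "unquoted: " << runThroughShell(unquotedCommand(program, params));
    std::cout << "quoted:   " << runThroughShell(quotedCommand(program, params));
}
```

Quoting the whole parameter string turns it into a single argument; where several arguments are needed, passing an argument vector to `execvp()` after `fork()` avoids the shell and its parsing altogether.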
